Malware problems.. Logs and photos attached.

Discussion in 'Malware Help (A Specialist Will Reply)' started by NeonFlux, Sep 19, 2012.

  1. NeonFlux

    NeonFlux Private E-2

    Hi guys, this is my first big malware problem thread here.. I finally decided to post a thread here, because the problems I am having still aren't removed despite following the sticky threads' READMEs and do-it-yourself removal steps..

    This is the problem I have. It just doesn't stop.
    http://i46.photobucket.com/albums/f115/NeonAera/1AnnoyingYahooadvertisements_zps177d4595.png

    Youtube too.. every 3 sidebar video on the right has two advertisements or more, not sure.
    http://i46.photobucket.com/albums/f115/NeonAera/5Advertisementproblemstillongoingondifferentwebsites_zps3f9a34dc.png

    Pop up problems..
    http://i46.photobucket.com/albums/f115/NeonAera/2Crazyadpoppedoutofnowhere_zps9a0f07b6.png
    http://i46.photobucket.com/albums/f115/NeonAera/4Whattheheckisthispopupfor_zps464575a8.png

    Annoying search bar. I'm not sure if it's meant to be there as a main search bar for Mozilla's browser or anything, but it's annoying that it is there. I have tried to look for options to disable it, but no good..
    http://i46.photobucket.com/albums/f115/NeonAera/3Annoyingsearchbar_zps80383f36.png

    So yeah, the first picture is my really stubborn problem I just suddenly got out of the blue several days ago. I just keep getting these double advertisements above Yahoo's search bar.. the same goes with YouTube's website pages as you see above (they are all racked up with other YouTube video thumbnails on the right side where you would find and view more videos on YouTube) and so, the ads are still hanging around despite the fact that I use SUPERAntispyware, Avast!, Adaware, Malwarebytes, Microsoft Security Essentials, and AVG that are all kept updated very frequently and used ONE AT A TIME (I disable AVG's and Adaware's firewall capability and everything, only using its scan; Avast is my main antivirus software for firewall) so until nothing is found... I even used Avast's boot time start up scan... found only one trojan, removed...but the ad problem still persists!! New malware? :cry .. and also the other websites I visit would sometimes have these double ads too.. the websites I go to are pretty secure and benign (no porn websites!! or bad links).. So yeah, the double-ad problem is literally all over the websites I go to now and it's driving me nuts.. I have tried out "Vista and Win 7 Malware Removal/Cleaning Procedure" here on Majorgeeks with all of the software programs, which actually found some viruses and problems.... HitmanPro trial ended already, previously used it, used scan anyway, and found only tracking cookies and no threats... Good sign? And after all that, unfortunately I still have this double advertisement problem....

    Bottom line, search bar is still stuck between "Stop" and "Home", pop-up problems, and lastly the most irritating, the ad problem. I think I may have downloaded too many hit new songs recently..... just not the right way.....ugh... probably why I got these problems.. Lesson learned. Hidden virus files with song files.. I don't even download any cracks, keygens, or any sexually explicit material :(

    Oh yeah, I keep my laptop pretty well maintained.. I clean every week or two by using my anti-spyware programs scanning for malware, wiping out internet and computer file history, fixing any registry issues, backing up files, and defragging.. I try to keep my computer in top shape to avoid issues, but the problems I have right now are truly a bummer!! and I'm always terrified when I'm online; it's like I don't know if someone's trying to attack my computer or w/e.. I usually turn off my wireless internet connection before sleeping or doing something outside.... yeah, I'm that scared. :( Just doesn't feel safe.. my mom's credit card she let me borrow got used by someone else somehow.. (she lets me use it for online transactions only and I pay her later) she doesn't even use the card locally where there may be people that may steal the card's info.. So I'm guessing.. keyloggers.. :( somehow got ahold of the credit card numbers while typing or something, and used it.. :(

    So yeah, honestly, I feel like I'm in deep #$&# and scared to death of going online at times during the day and night... I hope the recent credit card info I used for online purchasing transactions I used online wasn't stolen by keyloggers or whatever you call them. I'm still going through some disputes on the card that was used without our permission, so it's really a pain in the rear right now..

    Any tips, advice on how to permanently remove these problems would GREATLY be appreciated guys.. thanks for hearing me out here too. I hope the world's best anti-malware agent or a person skilled at removing malware would post here and help me by giving me some pointers on how to eradicate the problems I am having.

    Thanks again.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Not acceptable! You MUST uninstall ALL except one antivirus program or they will still conflict and cause problems fighting for control of security center and they will slow your PC down. If you want to keep Avast, you must uninstall AVG, Adaware (garbage anyway) and Microsoft Security Essentials and then reboot.

    You need to attach the proper log from MGtools. Do not make your own as you attempted to do. The only log is C:\MGlogs.zip as stated in the instructions. It is not in the C:\MGtools folder.

    If you shutdown Firefox and only use Internet Explorer, do you have the problems you are mentioning?
     
  3. NeonFlux

    NeonFlux Private E-2

    :) Hi chaslang, first of all, want to say thanks a lot for deciding to help me out on this one.. As per your instructions, I did what was needed. I have removed/uninstalled Microsoft Security Essentials, AVG completely, and Adaware; and I actually do not experience any advertisement problems or random pop ups while using Internet Explorer at all.. I still plan to use MFF though.. I used MGTools and the log zip file was created and attached from C: this time.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. I have a couple more questions I need answers to.
    What about when using Google Chrome, which I see you have installed?

    Is the below something you knowingly installed?
    Hyperionics DB Toolbar

    If not then uninstall it. If it is, what is it for?

    The below is questionable software, do you really need it? If not then uninstall it too:
    Fantapper Player


    Now run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
    O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

    After clicking Fix, exit HJT.


    Now uninstall all of the below:
    Ad-Aware Browsing Protection
    Conduit Engine
    Java(TM) 6 Update 29
    uTorrentBar Toolbar


    We are going to be uninstalling your old version of Mozilla Firefox 14.0.1 (x86 en-US) and installing the new version. So do the below to save bookmarks:
    • Run FireFox and click Bookmarks.
    • Then select Organize Bookmarks.
    • Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.
    Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla Firefox 15.0.1 Final

    You will need to exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

    Start by uninstalling FireFox and then reboot. Do not skip the reboot and if it prompts you about saving settings, say No!!!

    After reboot, delete the below folders if they still exist:
    C:\Program Files (x86)\Mozilla Firefox
    C:\Users\William\AppData\Roaming\Mozilla

    Now reinstall FireFox from the file previously downloaded.
    Import your bookmarks file. (similar process to exporting).


    Now install the current version of Sun Java from: Sun Java Runtime Environment


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. NeonFlux

    NeonFlux Private E-2

    :) Hi chaslang,

    So far, so good. I want to straight out and tell you the advertisement problem is definitely gone. :) I believe the software program "Hyperionics DB Toolbar" is the culprit behind all the ads.. after removing it and going online, the ads stopped appearing.. but I can't say for sure this is what really solved my ad problem.. I still had some errors/no response uninstalling some unknown suspicious programs (I'll let you know below), but I'm seriously glad the ad problem is gone and out of my sight.. couldn't stand it. Oh yeah, good news, the registry edit was successful! :)

    Now for the few problems I ran into.. I had issues trying to uninstall FanTapper and Conduit Engine..

    This is an error I got from FanTapper..
    http://i46.photobucket.com/albums/f115/NeonAera/Gotthiserror_zps8513248b.png

    As for trying to uninstall ConduitEngine, it just didn't work out.. I clicked "Uninstall/Change", I get a quick second of hourglass.. (well it's not an actual hourglass like in WinXP, it's the WinVista and Win7 round disc loading hourglass) and nothing happens and the program doesn't uninstall.. Ad-Aware browser protection was already uninstalled when I followed your directions about removing too much anti-virus software.. and all the other programs you told me to remove after running MGTools HijackThis were wiped easily (uTorrent toolbar and Java(TM) 6 Update 29)

    And that's it for the problems I encountered while following your instructions. Everything went pretty well after moving on by the problems trying to remove those unknown software programs..

    So yeah man, chaslang, thank you very much, you helped me so much on this already.. You really supported me with some good info on how to take away my main malware problem and who knows how many more malicious things on my laptop. :) Anyhow, I attached a new MGlogs zip file log. I feel pretty relieved now.. I really appreciate it.

    Oh yeah, I have some questions.. what do you think about the software add-on "Xmarks"? It's a bookmark software that saves your websites and etc to the internet and to their database.. Do you think it may be malicious in any way? In my opinion, I don't think so, everything about it seems pretty friendly and I have used it for months.. I actually used it to help import my bookmarks and bookmarks toolbar after reinstalling Mozilla Firefox, however I want your opinion on it.. Hm, the search bar on the top right is meant to be there as part of Mozilla's browser, huh? So it's not a malware issue. Great, eh I could live with it.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Try using the below tool to uninstall things you had a problem uninstalling:
    Revo Uninstaller

    Anything not found or still not removed should be cleaned up with the rest of the below.

    I also just noticed the below which you should uninstall:
    Yontoo Layers Runtime 1.10.01

    Not according to your logs. At least not completely. It still shows even in your most recent log. We may have to finish it off manually.

    I don't trust anyone to handle my personal data except me. Anything being sent over the internet can also be intercepted. How do you know for 100% certainty that the PCs you are sending your data to are free from any infections? How do you know you can really trust all of their employees to never make a mistake with your personal data?

    I'm not saying they are malicious. I'm just saying I would trust myself more than them.

    Favorites take up an insignificant amount of space. Just save them to your own CD and periodically make a new one as necessary. You don't need to waste any time or money doing this on the internet. That's a total waste in my opinion.


    Now uninstall the below old versions of software:
    Java(TM) 6 Update 24 (64-bit)

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    You need to download and run CCleaner to cleanup temp files as requested in step 5 of the READ & RUN ME.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O2 - BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (file missing)
    O23 - Service: Fantapper Player Update Service (FTSvc) - Unknown owner - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe (file missing)

    After clicking Fix, exit HJT.

    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    :Services
    FTSvc
     
    :Files
    C:\Program Files (x86)\Brand Affinity Technologies
    C:\Program Files (x86)\ConduitEngine
    C:\Program Files (x86)\uTorrentBar
    C:\ProgramData\AVG2012
    C:\ProgramData\Babylon
    C:\ProgramData\WeCareReminder
    C:\Users\William\AppData\Local\Temp\{25f21f49-d676-4930-bf18-56ce40ee5668}
    C:\Users\William\AppData\Local\Temp\{283F642A-BF07-473E-A4EF-E760E090E9D4}
    C:\Users\William\AppData\Local\Temp\{5E9B1942-07FA-48D4-BB71-05FF3676B525}
    C:\Users\William\AppData\Local\Temp\{DD0BBE2E-0524-4ECB-9C7F-F9C935F8A4A6}
    C:\Users\William\AppData\Local\Temp\~DF7A2284AC72548C07.TMP
     
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A86D350-37AB-410A-8531-7D1363F317B3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine ]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
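The HijackThis lines chaslang has NeonFlux fix in posts 4 and 6 all follow one layout: a section code (O2 for Browser Helper Objects, O3 for toolbars, R3 for URL search hooks, O23 for services), a name, a CLSID where the component is COM-registered, and the file the registry points at, with "(file missing)" or "(no file)" when the DLL or EXE is already gone. The script below is an added illustration for this thread, not part of HijackThis, MGtools or OTM. It parses those lines, flags the orphaned registrations that a normal uninstall leaves behind (which is why the OTM script above deletes the BHO key for {8A86D350-...} by hand), and shows that one CLSID, {bf7380fa-...}, is registered in three places at once, so fixing a single line would not be enough. The sample input is constructed from the lines quoted in this thread; the registry paths it suggests are the standard locations for BHOs, IE toolbars and services (32-bit components on 64-bit Windows appear under the Wow6432Node mirror of the SOFTWARE keys, as in the OTM script).

```python
"""Parse HijackThis-style scan lines and flag orphaned browser add-on entries.

Added illustration for this thread; it is not HijackThis, MGtools or OTM code.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the lines chaslang asked to have fixed in posts 4 and 6.
SAMPLE_LOG = r"""
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (file missing)
O23 - Service: Fantapper Player Update Service (FTSvc) - Unknown owner - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe (file missing)
"""

# Matches a braced GUID such as {30F9B915-B755-4826-820B-08FBA6BD249D}.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class HjtEntry:
    code: str             # section code: "O2", "O3", "O23", "R3"
    kind: str             # "BHO", "Toolbar", "Service", "URLSearchHook"
    name: str             # display name as HijackThis printed it
    clsid: Optional[str]  # {GUID} when the entry is COM-registered, else None
    path: str             # referenced file, or the "(no file)" placeholder
    file_missing: bool    # True when the registry points at a file that is gone


def parse_line(line: str) -> Optional[HjtEntry]:
    """Split one 'Oxx - Kind: Name - {CLSID} - path' line into its fields.

    Returns None for lines that do not follow the four-field layout.
    """
    parts = line.strip().split(" - ", 3)
    if len(parts) != 4 or ": " not in parts[1]:
        return None
    kind, name = parts[1].split(": ", 1)
    clsid = parts[2] if CLSID_RE.match(parts[2]) else None
    path, missing = parts[3], False
    if path.endswith(" (file missing)"):
        path, missing = path[: -len(" (file missing)")], True
    elif path == "(no file)":
        missing = True
    return HjtEntry(parts[0], kind, name, clsid, path, missing)


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def orphaned(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Registrations whose target file no longer exists: leftovers to clean by hand."""
    return [e for e in entries if e.file_missing]


def registry_location(e: HjtEntry) -> Optional[str]:
    """Standard registry home of the entry (32-bit components on x64 live under Wow6432Node)."""
    if e.code == "O2" and e.clsid:
        return r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s" % e.clsid
    if e.code == "O3" and e.clsid:
        return r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar (value %s)" % e.clsid
    if e.code == "O23":
        m = re.search(r"\(([^()]+)\)$", e.name)  # short service name in parentheses
        if m:
            return r"HKLM\SYSTEM\CurrentControlSet\Services\%s" % m.group(1)
    return None


def group_by_clsid(entries: List[HjtEntry]) -> Dict[str, List[str]]:
    """Map each CLSID to the section codes it appears in: one component, several hooks."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        if e.clsid:
            out.setdefault(e.clsid.lower(), []).append(e.code)
    return out


def report(text: str) -> List[str]:
    entries = parse_log(text)
    lines = ["%s %s -> %s" % (e.code, e.name, registry_location(e)) for e in orphaned(entries)]
    lines += ["%s registered as %s" % (c, "/".join(codes))
              for c, codes in group_by_clsid(entries).items() if len(codes) > 1]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it as-is to see the three orphaned entries with the keys they live in, plus the two CLSIDs that are hooked in more than one place; feed it a real HijackThis log to triage your own.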
     
  7. NeonFlux

    NeonFlux Private E-2

    :) Yo, chaslang! Things are going pretty smooth so far.

    Although I had a hard time trying to remove Yontoo :(
    http://i46.photobucket.com/albums/f115/NeonAera/CantUninstallYonToo_zps37147c28.png

    I tried using CCleaner to uninstall it as well, but no good, same error window.

    Revo uninstaller did not have it loaded on its window.

    Oh yeah, I managed to get FanTapper out thanks to Revo uninstaller. I deleted some of the registry files linked to fanTapper and some other things I think, and it's gone.

    I also downloaded CCleaner from CNET download.com and used it to clean up some recent history files and fix my registry. Seems like a really neat software tool according to reviews, thanks for showing this software to me! Might use this instead of PC Performance Toolkit I use. Looks promising.

    So yeah, I've eventually done the rest with no probs.

    OTM and MGTools logs attached.

    Things are looking pretty good, thanks again, chaslang.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should have used the link I gave you in our cleaning procedure to download from Major Geeks!

    We DO NOT recommend using any registry cleaners nor any performance tweakers. They are typically not needed. And registry cleaning frequently causes more problems than it fixes and many times you do not see the negative effects for a while. We have had quite a few people coming here complaining about malware slowing their PC down, or about software not running properly or crashing, or Windows crashing, or even Windows Update not working. Many times this was due to using registry cleaners that remove many things that are not problems and should not be touched. The PC I'm typing on has been running Windows XP since it first came out and has never needed any registry cleaning. It still runs perfectly fine.

    The only exception to using registry cleaners would be if an expert like myself asked you to run a cleaner and then specifically told you what to fix and what to ignore.

    Your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  9. NeonFlux

    NeonFlux Private E-2

    :wine Alrighty chaslang, I did all of the steps including re-enabling UAC, toggling system restore, etc. I'll check out the thread about how to protect yourself from malware.

    Everything on my laptop is running really well. Thanks a lot chaslang, I really appreciate the help. :cool
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
